To sum it up shorty, we had found a new ransomware which encrypted all pictures on the machine it infected, and asked the user to pay a ransom to get the files back.

While we do not usually work on that kind of malware, preferring to dive into APT malware, we spent several hours on this one because of an indirect impact on a friend.

So we started reverse engineering the binary, and found a flaw in its encryption implementation, which we managed to break and get the encrypted files back.

During the following week, the decryption tool we released publicly helped some victims to successfully decrypt their images. That was before the BitCrypt author released a new version of his ransomware: Bitcrypt 2.
We were curious enough to have a look on it.

Ransomware is nothing new. You might already have heard about it already, since it is a kind of fraud which can impact anyone and do severe damages. Some ransomware forbid you to access to your computer, while some others do crypt files on your system so that you cannot open them anymore.

No matter the action this kind of malware does, the victim always ends with a frightening message, which tells him to pay a ransom to get the computer access or data back.

People do not react to this message the same way. It all depends on their computer knowledge and on the value of the presumably "lost" data. People get stuck in front of the screen, wondering if they should pay or not. They think of trying to launch anti-virus products, but they are afraid the operation would definitely destroy their data...

Some lucky people do not care at all: they have done regular backup of their important data on an external harddrive. Luckily enough, they disconnect that external harddrive every time they do not use it. Their data is safe, and they will just try to disinfect their computer from the malware. If they cannot do it, well, they will reinstall the whole operating system.